cvelistv5 - cve-2013-4508

CVE-2013-4508 (GCVE-0-2013-4508)

Vulnerability from cvelistv5

Published

2013-11-08 02:00

Modified

2024-08-06 16:45

Severity ?

CWE

Summary

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

References

►

URL

Tags

	http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2013/11/04/19	mailing-list, x_refsource_MLIST
	http://marc.info/?l=bugtraq&m=141576815022399&w=2	vendor-advisory, x_refsource_HP
	http://redmine.lighttpd.net/issues/2525	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2013/dsa-2795	vendor-advisory, x_refsource_DEBIAN
	http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/	x_refsource_CONFIRM
	http://jvn.jp/en/jp/JVN37417423/index.html	third-party-advisory, x_refsource_JVN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:15.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt"
          },
          {
            "name": "[oss-security] 20131104 Re: CVE Request: lighttpd using vulnerable cipher suites with SNI",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/11/04/19"
          },
          {
            "name": "HPSBGN03191",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://redmine.lighttpd.net/issues/2525"
          },
          {
            "name": "openSUSE-SU-2014:0072",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html"
          },
          {
            "name": "DSA-2795",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2013/dsa-2795"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/"
          },
          {
            "name": "JVN#37417423",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-19T04:06:11",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt"
        },
        {
          "name": "[oss-security] 20131104 Re: CVE Request: lighttpd using vulnerable cipher suites with SNI",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/11/04/19"
        },
        {
          "name": "HPSBGN03191",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://redmine.lighttpd.net/issues/2525"
        },
        {
          "name": "openSUSE-SU-2014:0072",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html"
        },
        {
          "name": "DSA-2795",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2013/dsa-2795"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/"
        },
        {
          "name": "JVN#37417423",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4508",
    "datePublished": "2013-11-08T02:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:15.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4508

Vulnerability from jvndb

Published

2021-02-19 16:44

Modified

2021-02-25 15:31

Severity ?

6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in SolarView Compact

Details

SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. *Exposure of information through directory listing (CWE-548) - CVE-2021-20656 *Improper access control (CWE-284) - CVE-2021-20657 *OS command injection (CWE-78) - CVE-2021-20658 *Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659 *Cross-site scripting (CWE-79) - CVE-2021-20660 *Directory traversal (CWE-23) - CVE-2021-20661 *Missing authentication for critical function (CWE-306) - CVE-2021-20662 *Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324 The product uses previous versions of vsfpd and lighttpd with known vulnerabilities. CVE-2021-20656 Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20657, CVE-2021-20658 Takayuki Sasak, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662 Kouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.

References

►

Type

URL

	JVN	https://jvn.jp/en/jp/JVN37417423/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20656
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20657
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20658
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20659
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20660
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20661
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20662
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0762
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4362
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4508
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4559
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4560
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2323
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2324
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20656
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20657
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20658
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20659
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20660
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20661
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20662
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

►

Vendor

Product

Contec

SolarView Compact SV-CPT-MC310

Show details on JVN DB website